CVE-2012-1823.zip
227.2 KB
CVE-2012-1823
Author: waburig
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
GitHub Link:
https://github.com/waburig/Open-Worldwide-Application-Security-Project-OWASP-
CVE-2025-27591.zip
1.9 KB
CVE-2025-27591
Author: Stp1t
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
GitHub Link:
https://github.com/Stp1t/CVE-2025-27591
CVE-2025-6440.zip
1.5 KB
CVE-2025-6440
Author: rimbadirgantara
None
GitHub Link:
https://github.com/rimbadirgantara/CVE-2025-6440